Security

Hifn, the power behind network and information security, announced today a company initiative to advance the level of support and ease of use of hardware security processors. Hifn has contracted with Xelerance Inc., the recognized open source security specialists, in a major development effort to make the industry's fastest cryptographic accelerators as easy to use as graphics or sound cards.

Heralding a pivotal shift in bank card systems, Risk IDS has released the industry’s first open source card fraud prevention system. The company says this move is set to shake up the way banking decision-makers view software licensing worldwide and has left competing system vendors nervous at the prospect of their revenues being eroded by a more feature-rich platform that is free to use.

As far as encryption software goes, TrueCrypt may be one of the best open-source gems and least-recognized software offerings on the market. The CRN Test Center considers the utility, now at version 4.2, the ultimate information-hardening tool. Though the software is deceptively simple to use, it sports some cool features that help users encrypt entire partitions and hide data in virtual volumes.

A security researcher has discovered a vulnerability in McAfee's VirusScan Command Line Scanner antivirus software that could enable remote attackers to execute malicious code.

The flaw affects VirusScan versions 4510e and older and is caused by a glitch in an embedded DT_RPATH tag, which instructs the software to search the working directory for shared library files in Linux.

The OpenSSL Project, an international open source community, adopted "Camellia," a 128-bit block cipher(1) algorithm jointly developed in 2000 by Nippon Telegraph and Telephone Corporation ('NTT') and Mitsubishi Electric Corporation ('Mitsubishi'), into its OpenSSL toolkit for use in the development of SSL/TLS(2) protocol.

Alan Cox, The biggest name in Linux besides Linus himself has stated that many open-source projects were far from secure.

This is a big blow to the common conception that Linux is more secure than other operating systems. Unfortunately he is very right. Due to the nature of open source anyone can be a programmer. They don't have to be good they just have to want to do it. Some open source projects are good on ideas and features that everyone uses but are nothing but spaghetti under the hood.

The talk lately has centred about Vista's security APIs, but Linux certainly needs improvements in this area, because AV vendors still rely on an external kernel module to implement "real time" file scanning.

Debates over what methods result in the best software often pit those who favor an open-source approach against proponents of proprietary, or closed-source, development. Conventional wisdom holds that open-source software should have fewer security flaws than proprietary software. With more eyes able to look at the underlying source code, bugs should be found and squashed much faster.